防止ProGuard混淆类成员名称

77

我的班ClassMultiPoint有子班。

public class ClassMultiPoints
 {
   public String message;
   public List<ClassPoints> data;

   public class ClassPoints
    {
      public String id;
      public List<ClassPoint> points;
      public class ClassPoint
       {
         public String speed;
         public String bearing;
       }
    }
 }

oPoints将从解析中获得对象的价值GSON

oPoints = gson.fromJson( jsonString, ClassMultiPoints.class);

我尝试使用oPoints.message

当我运行我的应用程序而没有proguard成功运行应用程序时。当proguard我的应用崩溃时运行我的应用时。

我认为问题是:proguard'oPoints.message'班级的属性重命名为short 'a'

我尝试保持方法和属性的名称不变,但是proguard将其重命名:

proguard.cfg:

-injars      bin/classes
-injars      libs
-outjars     bin/classes-processed.jar
-dontpreverify
-repackageclasses ''
-allowaccessmodification
-optimizations !code/simplification/arithmetic
-keepattributes *Annotation*
-dontskipnonpubliclibraryclasses
-optimizationpasses 5
-printmapping map.txt
-flattenpackagehierarchy

-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.MapActivity
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider

-libraryjars  libs/commons-io-2.2.jar
-libraryjars  libs/ftp4j-1.7.1.jar
-libraryjars  libs/gson-2.2.2.jar

-keep public class org.apache.commons.io.**
-keep public class it.sauronsoftware.ftp4j.**
-keep public class com.google.gson.**

-keep public class com.mypackagename.ActivityMonitor$*

-keep public class * extends android.view.View {
    public <init>(android.content.Context);
    public <init>(android.content.Context, android.util.AttributeSet);
    public <init>(android.content.Context, android.util.AttributeSet, int);
    public void set*(...);
}

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}

-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

-keepclassmembers class * extends android.content.Context {
   public void *(android.view.View);
   public void *(android.view.MenuItem);
}

-keepclassmembers class * implements android.os.Parcelable {
    static android.os.Parcelable$Creator CREATOR;
}

-keepclassmembers class **.R$* {
    public static <fields>;
}

保留第一个(静态)类的方法和属性的名称的正确方法是什么?

java  android  proguard  obfuscation 
西班牙小吃
source

Answers:

69

如果您不希望混淆您的班级成员,请使用SerializedNameGson提供的注释。例如:

public class ClassMultiPoints
{
   @SerializedName("message")
   public String message;
   @SerializedName("data")
   public List<ClassPoints> data;

   ...

}

此外,请确保也为Gson库添加了正确的proguard配置。例如:

##---------------Begin: proguard configuration for Gson ----------
# Gson uses generic type information stored in a class file when working with
#fields. Proguard removes such information by default, so configure it to keep
#all of it.
-keepattributes Signature

# For using GSON @Expose annotation
-keepattributes *Annotation*

# Gson specific classes
-keep class sun.misc.Unsafe { *; }
#-keep class com.google.gson.stream.** { *; }

# Application classes that will be serialized/deserialized over Gson
-keep class com.google.gson.examples.android.model.** { *; }

##---------------End: proguard configuration for Gson ----------

有关更多信息,请阅读此内容

瓦卡萨拉姆
source
1
-keep com.google.gson.examples.android.model。**类* * }它对我有用,但是当我在apk上应用反向engg时,我得到了所有模型类且成员没有更改,这破坏了安全性目的,没有其他选择,我们也可以混淆模型吗?
umesh 2014年
7
您是否@SerializedName在班级成员上方使用注释?因为这样做的话,就不需要像对待那样绕过proguard配置中的自定义类模糊处理com.google.gson.examples.android.model.** { *; }
waqaslam 2014年
不,实际上我想混淆它。但是现在我意识到,如果字段名称更改,那么它们将不匹配json键,因此gson无法解析它。
umesh 2014年
3
正是...这就是为什么我们需要使用@SerializedName
waqaslam 2014年
此选项适用于全班吗?
奥利弗·迪克森
28

感谢Waqas!

我为我的情况找到了解决方案:

-optimizationpasses 5
-dump class_files.txt
-printseeds seeds.txt
-printusage unused.txt
-printmapping mapping.txt
-optimizations !code/simplification/arithmetic,!field/*,!class/merging*/
-allowaccessmodification
-repackageclasses ''

-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.MapActivity
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider

-libraryjars  libs/commons-io-2.2.jar
-libraryjars  libs/gson-2.2.2.jar
-keep public class org.apache.commons.io.**
-keep public class com.google.gson.**
-keep public class com.google.gson.** {public private protected *;}

##---------------Begin: proguard configuration for Gson ----------
-keepattributes *Annotation*,Signature
-keep class com.mypackage.ActivityMonitor.ClassMultiPoints.** { *; }
-keep public class com.mypackage.ActivityMonitor$ClassMultiPoints     { public protected *; }
-keep public class com.mypackage.ActivityMonitor$ClassMultiPoints$ClassPoints { public protected *; }
-keep public class com.mypackage.ActivityMonitor$ClassMultiPoints$ClassPoints$ClassPoint { public protected *; }
# To support Enum type of class members
-keepclassmembers enum * { *; } 
##---------------End: proguard configuration for Gson ----------

另外,我不在@SerializedName("message")课堂上使用,上述配置无需序列化即可正常工作。

西班牙小吃
source
@iDroid Explorer我使用apkTool来测试发行版apk,但是混淆对我不起作用,它没有重命名类
Muhammad Younas
1
此设置不允许混淆代码。您是否需要混淆代码?
Tapa Save
是的,此代码不是模糊的,或者我正在测试发行版本错误的apk
Muhammad Younas
24

我还发现-keepclassmembers使用Dexguard的优化选项时需要这样做。没有这个,我的几个模型对象无法反序列化 

##---------------Begin: proguard configuration for Gson  ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature

# For using GSON @Expose annotation
-keepattributes *Annotation*

# Application classes that will be serialized/deserialized over Gson, keepclassmembers
-keep class com.myapp.model.** { *; }
-keepclassmembers class com.myapp.model.** { *; }
斯科蒂塔布
source
1
特别感谢-keepclassmembers class com.myapp.model.** { *; }。尽管我使用的是jackson lib而不是gson,但该行对我有所帮助!谢谢。
Mirjalal
9

如果@Expose像我一样使用注释,则可以告诉ProGuard对其进行注释的任何字段:

# keep anything annotated with @Expose
-keepclassmembers public class * {
    @com.google.gson.annotations.Expose *;
}
# Also keep classes that @Expose everything
-keep @com.google.gson.annotations.Expose public class *
食人鱼
source
根据GSON,javadoc @Expose只能定位字段。所以第二条指令似乎没用
安东·卡扎科夫
1

您可以跳过所有请求类型类中的混淆

open class Request
data class Example(val name: String) : Request()

proguard-rules.pro

-keepclassmembers class * extends <your-package-name>.util.ws.Request { *; }

GL

布莱恩·科罗内尔
source
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.